Lucene search

K
vulnrichmentXENVULNRICHMENT:CVE-2024-31143
HistoryJul 18, 2024 - 1:31 p.m.

CVE-2024-31143 double unlock in x86 guest IRQ handling

2024-07-1813:31:31
XEN
github.com
3
cve-2024-31143
x86 guest
irq handling
pci msi
multiple message
error path
lock release

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

An optional feature of PCI MSI called “Multiple Message” allows a
device to use multiple consecutive interrupt vectors. Unlike for MSI-X,
the setting up of these consecutive vectors needs to happen all in one
go. In this handling an error path could be taken in different
situations, with or without a particular lock held. This error path
wrongly releases the lock even when it is not currently held.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*"
    ],
    "vendor": "xen",
    "product": "xen",
    "versions": [
      {
        "status": "affected",
        "version": "4.4",
        "lessThan": "4.16",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

total